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Continued Examination Under 37 CFR 1.114 

1. A request for continued examination under 37 CFR 1.114, 
including the fee set forth in 37 CFR 1.17(e), was filed in this 
application after final rejection. Since this application is 
eligible for continued examination under 37 CFR 1.114, and the 
fee set forth in 37 CFR 1.17(e) has been timely paid, the 
finality of the previous Office action has been withdrawn 
pursuant to 37 CFR 1.114. Applicant's submission filed on April 
17, 2006 has been entered. 

Response to Amendment 

2. The amendment filed on April 17, 2006 has been fully 
considered but are moot in view of the new grounds of rejection. 

• Claims 10,14-16 and 26-31 have been canceled. 

• Claims 1-9,1-13,17-25 and 32 are presented for examination. 
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Claim Rejections - 35 USC §103 



The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 



Office action: 



(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 



3. Claims 1-3,10-11,17-19,22, and 32 are rejected under 35 
U.S.C. 103(a) as being unpatentable over Primak et al USPN 
(6598077) in view of Canion et al USPN. (20020108059). 



As per claim 1, and 17, Primak teaches in a routing device 
(dynamic route 10), a method of operation comprising: 

receiving a packet sent by a client device [a client's 
request for dynamic content to the dynamic content router. The 
dynamic content router then determines the appropriate 
application server or application cluster for the client's 
request based on number of factors, including but not limited to 
the content availability, data server's capacity and session 
persistence. Col. 3, lines 59 to col. 4, line 5); 
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determining if the packet is destined for a server of 
interest by reference to a destination address of the packet 
(When a session is established between the client and the 
selected application server, the dynamic content router examines 
the session communications to determine or extract a client 
identifier (also referred to herein as a content identifier) . 
The dynamic content router utilizes the content identifier to 
determine if the client is already logged onto one of the 
application servers on the site col. 4, lines 16-26 and col. 6, 
lines 9-34); if the packet is not destined for the server of 
interest, routing the packet to its destination; if the packet 
is determined to be destined for the server of interest, routing 
the packet to its destination (col. 6, lines 35-43), 
independently determining whether said packet is a part of a 
conversation between the client device and the server of 
interest based at least in part on persistent information 
included in said packet [However, since the client request 
includes session ID, the dynamic router 10 can extract the 
session ID from the client request. The extracted session ID 
then can be used by the dynamic router 10 to search the session 
label 12 to find corresponding content label. That is, once the 
session ID is found in the session table 12, the dynamic content 
router can use the link to locate the content label associated 
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with this client and thereafter determine the dynamic content 
based on the content label, (col. 6, lines 9-34); and 
handling the packet based at least in part on the result of said 
independent determination by forwarding the packet to if the 
packet is deemed to be part of a conversation between the client 
and the server (col. 6, lines 9-42). 

Although Primak shows substantial features of the claimed 
invention as explained above, he does not explicitly show 
dropping the packet if the packet is deemed to be an undesirable 
packets . 

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Primak, as evidenced by Canion et al USPN. (20020108059). 
In analogous art, Canion et al whose invention is about a system 
for detecting incoming data packets in a network, disclose a way 
of determining whether to forward or drop a packet through a 
network in response to a conversation identifier (received 
packet information) to protect the network against undesirable 
packets (packets with potential security violations) (1 0174- 
0177 and I 0183-0187) . Giving the teaching of Canion et al, a 
person of ordinary skill in the art would have readily 
recognized the desirability and the advantage of modifying 
Primak et al by employing the intrusion detection system of 
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Canion et al in order to identify packets with potential 
security violations for the advantage of protecting the network 
against network security attacks such as denial of service 
attacks, sync attacks, ping attacks and unauthorized attacks (fl 
0171 and SI 0183-0187) . 

As per claim 2 and 18, Primark et al teach the invention, 
wherein said independent determination comprises independently 
verifying a conversation identifier included in said packet 
based at least in part on other information included (col. 4, 
lines 16-26 and col. 6, lines 9-34). 

As per claim 3 and 19, Primark et al teach the invention, 
wherein said independent verification comprises independently 
regenerating the conversation identifier using at least said 
other information included in said packet; and 

comparing the independently re-generated conversation 
identifier with the included conversation identifier [col. 9, 
lines 20-46) . 

As per claim 11 and 22, Primak et al teaches a method of 
operation comprising: 

at least one processor (10,20, 30, fig. 2); 
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generating an independently verifiable conversation 
identifier for a packet destined for a client device, using at 
least persistent information that will be included in said 
packet [col. 9, lines 20-46); 

including the independently verifiable conversation 
identifier with said packet for use by the client device to 
include in a subsequent packet sent by the client device 
destined for the server [col. 4, lines 16-26 and col. 6, lines 
9-34]; and 

transmitting said independently verifiable conversation 
identifier included packet to said client device (col. 4, lines 
16-26 and col. 6, lines 9-34); 

Primark et al further teach a summation unit to insert the 
independently verifiable conversation identifier with a packet 
[col. 7, lines 63 to col. 8, lines 9 and col. 11, lines 41-56]; 
determining if the packet is destined for a server of interest 
by reference to a destination address of the packet (When a 
session is established between the client and the selected 
application server, the dynamic content router examines the 
session communications to determine or extract a client 
identifier (also referred to herein as a content identifier) . 
The dynamic content router utilizes the content identifier to 
determine if the client is already logged onto one of the 
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application servers on the site (col. 4, lines 16-26 and col. 6, 
lines 9-34); if the packet is not destined for the server of 
interest, routing the packet to its destination; if the packet 
is determined to be destined for the server of interest, routing 
the packet to its destination (col. 6, lines 35-43), 
independently determining whether said packet is a part of a 
conversation between the client device and the server of 
interest based at least in part on persistent information 
included in said packet [However, since the client request 
includes session ID, the dynamic router 10 can extract the 
session ID from the client request. The extracted session ID 
then can be used by the dynamic router 10 to search the session 
table 12 to find corresponding content label. That is, once the 
session ID is found in the session table 12, the dynamic content 
router can use the link to locate the content label associated 
with this client and thereafter determine the dynamic content 
based on the content label (col. 6, lines 9-34). 
Although Primak shows substantial features of the claimed 
invention as explained above, he does not explicitly show 
dropping the packet if the packet is deemed to be an undesirable 
packets . 
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Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Primak, as evidenced by Canion et al USPN. (20020108059). 
In analogous art, Canion et al whose invention is about a system 
for detecting incoming data packets in a network, disclose a way 
of determining whether to forward or drop a packet through a 
network in response to a conversation identifier (received 
packet information) to protect the network against undesirable 
packets (packets with potential security violations) (5 0174- 
0177 and 1 0183-0187) . Giving the teaching of Canion et al, a 
person of ordinary skill in the art would have readily 
recognized the desirability and the advantage of modifying 
Primak et al by employing the intrusion detection system of 
Canion et al in order to identify packets with potential 
security violations for the advantage of protecting the network 
against network security attacks such as denial of service 
attacks, sync attacks, ping attacks and unauthorized attacks (f 
0171 and 1 0183-0187) . 

As per claim 32, Canion et al as modified teach the invention, 
where the function unit (processing unit) drops packets that are 
not part of the conversation identifier to protect the server 
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against receipt of undesirable packets (1 0174-0177 and 0183- 
0187) . 

4. Claims 4-9, 12-13 and 21, 23-25 rejected under 35 U.S.C. 
103(a) as being unpatentable over Primak et al USPN (6598077) in 
view of Canion et al USPN. (20020108059) and further in view of 
Bull et al USPN (6799270) and further 

As per claims 4 and 12, although Primak et al show substantial 
features of the claimed invention as explained in claim 1 and 11 
above, they do not explicitly show a nonce. 

Nonetheless, this feature is well known in the art and 
would have been an obvious modification of the system disclosed 
by Primak et al, as evidenced by Bull et al USPN. (16799270) . 
In analogous art, Bull et al whose invention is about a system 
for securely distributing session keys over a network of a chain 
of nodes including client nodes (14), server nodes (18) and 
intermediate nodes (18), disclose a bit string of data that 
includes a nonce (randomly generated value that is concatenated 
to the end of a message) that is used for identification and 
verification purpose [Col. 6, lines 39-50 and col. 7, lines 21- 
60] . Giving the teaching of Bull et al, a person of ordinary 
skill in the art would have readily recognized the desirability 
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and the advantage of modifying Primak et al by employing the 
system of Bull et in order to generate a unique value that 
identifies a client session and to verify the integrity of the 
response coming from the server [Col. 6, lines 39-50 and col. 
7, lines 29-35] . 

Bull et al further teaches said re-generating the nonce 
using a deterministic function with a sequence number of the 
nonce and a plurality of persistent field values extracted from 
the packet, and a pre-provided secret value as inputs to the 
deterministic function [Col. 5, lines 9-34 and Col. 6, lines 7- 
65] . 

As per claims 5, 13 and 24, Primak et al teach the invention, 
wherein said plurality of persistent field values comprise one 
or more of a source address, a destination address and a port 
number [client session (packet) with web server inherently 
includes a source address, a destination address and a port 
number] . 

As per claim 6, Bull et al further teach the invention as 
explained in claim 4 above, wherein the method further comprises 
at least one of receiving into said routing device said secret 
value, and equipping/configuring said routing device with said 
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deterministic function [Col. 5, lines 9-34 and Col. 6, lines 7- 
65] . 

As per claim 7 and 25, Bull et al further teaches the invention, 
wherein said independent generation is performed using a 
selected one of a message authentication code function and an 
universal hash function [col. 5, lines 39 to Col. 6, lines 7- 
47] . 

As per claim 8, Primark et al as modified teach the invention, 
wherein the method further comprises recording a time of first 
observation for the nonce if the nonce is a newly observed nonce 
[col. 9, lines 20-67] . 

As per claim 9, Primark et al as modified teach the invention, 
wherein the method further comprises determining if time has 
elapsed more than a predetermined threshold since a time of 
first observation was recorded for the nonce, if the extracted 
nonce and the independently generated nonce are deemed to be the 
same [col. 9, lines 20-67]. 
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As per claims 20-21 and 23, these claims include similar 
limitations as claim 4 and 12 above. Therefore, they are 
rejected with the same rationale. 

Conclusion 

5. The prior made of record and not relied upon is considered 
pertinent to applicant's disclosure. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Yasin Barqadle whose telephone number is 571-272- 
3947. The examiner can normally be reached on 9:00 AM to 5:30 PM. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Glenn Burgess can be 
reached on 571-272-394 9. The fax phone numbers for the 
organization where this application or proceeding is assigned 
are 703-872-9306 for regular communications and 703-746-7238 for 
After Final communications. 

Any inquiry of a general nature or relating to the status 
of this application or proceeding should be directed to the 
receptionist whose telephone number is 703-305-3900. 

Information regarding the status of an application may be 
obtained form the Patent Application Information Retrieval 
(PAIR) system. Status information for published applications may 
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be obtained from either private PAIR or public PAIR system. 
Status information for unpublished applications is available 
through private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have 
questions on access to the Private PAIR system, contact the 
Electronic Business Center (EBC) at 866-217-9197 (toll-free) . 
YB 
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